New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more
Password security helps prevent unauthorized access, while weak or reused credentials can expose accounts, systems, and sensitive data.
Search across headline titles and summaries.
Background for this topic.
Passwords are secret strings used to verify identity and control access to accounts, devices, applications, and services. They remain a common authentication method, but their security depends mainly on secrecy, length, and uniqueness rather than predictable complexity rules. A password reused across services can expose multiple accounts if one service is compromised; short, common, or previously leaked passwords are more susceptible to guessing and automated credential-stuffing attacks.
Practical defenses include using a password manager to generate and store a distinct, long password for each service, blocking known compromised passwords, and enabling multi-factor authentication (MFA) where available. Organizations should protect stored passwords with slow, salted one-way hashing, restrict and monitor authentication attempts, and provide secure recovery processes. Password changes are most useful after suspected compromise or exposure, rather than as routine changes that encourage predictable variations. Security teams should also treat password databases and reset mechanisms as sensitive assets during vulnerability assessment and incident response.
Weekly headline count for the current query.
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Security researchers have challenged end-to-end encryption claims from popular commercial password managers
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
Cybersecurity researchers issue warning over a surge in attacks designed to trick Facebook users into handing over login credentials
FIDO Alliance found an uptick in awareness and takeup of passkeys as an alternative method to passwords
Report reveals common password use in RDP attacks, highlighting weak credentials remain a major security flaw
HaveIBeenPwned has added over 500 million new passwords and email addresses lifted via infostealers
The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025
Ireland's Data Protection Commission fines Meta Platforms €91 million for mishandling user passwords and GDPR violations
The institute no longer requires regular password changes unless the authenticator has been compromised
The phishing attack uses infostealer malware to target saved passwords, credit cards & Bitcoin info
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information
A Cybernews investigation found that nearly 10 billion unique passwords have been posted on a popular hacking forum, putting users worldwide at risk of account compromises
Experts at Infosecurity Europe 2024 advised organizations to move away from passwords for greater security
Attackers accessed emails, usernames, phone numbers, hashed passwords and authentication information